GRE / IPSEC pass through

I am in the process of setting up a new facility.  I have a vendor who is going to be onsite and will have his own network.  I have a cisco 2811and I am in the initial configuration stage, so nothing is locked down, yet!  This vendor has his own cisco router, and is going to connect via gre / ipsec to his corporate network.  I have configured a static nat that takes all the traffic from the public ip address, nats it to the static address (the vendors router interface).  The tunnel doesn't come up.  Am I missing something?  Can I pass this through with static nat?  My code pieces are below.  Thanks in advance for any help someone can provide.  I am also using dynamic nat on the serial interface for browsing.
interface FastEthernet0/1.31
 description vendor network
 encapsulation dot1Q 31
 ip address 10.38.31.1 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 
 
 
interface Serial0/0/0:0
 description Connection to internet
 bandwidth 1536
 ip address 12.y.y.5 255.255.255.252
 ip nat outside
 ip virtual-reassembly
 encapsulation ppp
 no cdp enable
 
 
ip nat inside source static 10.38.31.2 12.x.x.1 
ip nat inside source static 10.38.31.2 
 
! 12.x.x.1 public ip address on my network (vendor connects to this address)
! 10.38.31.2 vendors ethernet port on their router

Open in new window

LVL 2
holidayinnexpressAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

JFrederick29Commented:
You are missing "ip nat inside" on the Fa0/1.31 interface.

conf t
interface FastEthernet0/1.31
ip nat inside
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
holidayinnexpressAuthor Commented:
Jfrederick you are exactly correct.  I noticed this yesterday, and inserted that statement.  The GRE tunnel established but we could never get the ipsec up and ultimately traffic to pass.  I was receiving unexpected packet on port 4500.  We decided to punt on this and i ended up putting the public address on the ethernet port and locking it down with acl's.  Thanks for the response.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Internet Protocol Security

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.